feat(logistics): external attendees self-select lunch dish via tokenized page

External lunch attendees had no way to pick their own dish — an admin had to set it inline and no email was ever sent. (Marine added herself as an external expecting a dish-selection link and never received one.) Adds: - ExternalAttendee.inviteSentAt + additive migration - HMAC-signed external lunch token (mirrors finalist-token) - Public no-login picker page /lunch/pick/[token] — dish + allergens + notes, gated by the lunch change deadline, read-only after - tRPC getExternalByToken / setExternalPick (public) + sendExternalInvite (admin) - Auto-send invite on createExternal when an email is present; per-row resend button + status chip (Invited / Picked / no email) in the logistics screen - Unpicked externals chased by the lunch reminder cron + manual "Send reminders" - sendExternalDishInviteEmail (branded). Page + email title use the configurable venue ("Lunch at {venue}") rather than "grand finale" Tests: token roundtrip/tamper/expiry, selectUnpickedExternals filter, get/set-by-token happy + deadline + bad-token, createExternal auto-send, cron external reminders. Full suite 303 passing; build clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 12:04:13 +02:00
parent f2c8cc1e80
commit 8d4f0bac1e
15 changed files with 1292 additions and 4 deletions
--- a/tests/unit/external-lunch-token.test.ts
+++ b/tests/unit/external-lunch-token.test.ts
@@ -0,0 +1,36 @@
+import { describe, it, expect, beforeAll } from 'vitest'
+import {
+  signExternalLunchToken,
+  verifyExternalLunchToken,
+} from '../../src/lib/external-lunch-token'
+
+beforeAll(() => {
+  process.env.NEXTAUTH_SECRET = 'test-secret-for-external-lunch-tokens'
+})
+
+describe('external lunch token', () => {
+  it('round-trips a payload', () => {
+    const exp = Math.floor(Date.now() / 1000) + 86400
+    const token = signExternalLunchToken({ externalId: 'cmx_test', exp })
+    const verified = verifyExternalLunchToken(token)
+    expect(verified.externalId).toBe('cmx_test')
+    expect(verified.exp).toBe(exp)
+  })
+
+  it('rejects tampered tokens', () => {
+    const exp = Math.floor(Date.now() / 1000) + 86400
+    const token = signExternalLunchToken({ externalId: 'cmx_test', exp })
+    const tampered = token.slice(0, -2) + 'xx'
+    expect(() => verifyExternalLunchToken(tampered)).toThrow(/signature/i)
+  })
+
+  it('rejects expired tokens', () => {
+    const exp = Math.floor(Date.now() / 1000) - 1
+    const token = signExternalLunchToken({ externalId: 'cmx_test', exp })
+    expect(() => verifyExternalLunchToken(token)).toThrow(/expired/i)
+  })
+
+  it('rejects malformed tokens', () => {
+    expect(() => verifyExternalLunchToken('not-a-token')).toThrow(/malformed/i)
+  })
+})
--- a/tests/unit/lunch-cron.test.ts
+++ b/tests/unit/lunch-cron.test.ts
@@ -14,6 +14,7 @@ vi.mock('@/lib/email', async () => {
    ...actual,
    sendLunchReminderEmail: vi.fn(async () => undefined),
    sendLunchRecapEmail: vi.fn(async () => undefined),
+    sendExternalDishInviteEmail: vi.fn(async () => undefined),
  }
 })

@@ -29,6 +30,7 @@ afterAll(async () => {
      where: { confirmation: { project: { programId } } },
    })
    await prisma.finalistConfirmation.deleteMany({ where: { project: { programId } } })
+    await prisma.externalAttendee.deleteMany({ where: { lunchEvent: { programId } } })
    await prisma.dish.deleteMany({ where: { lunchEvent: { programId } } })
    await prisma.lunchEvent.deleteMany({ where: { programId } })
    await cleanupTestData(programId, [])
@@ -58,6 +60,7 @@ describe('GET /api/cron/lunch-reminders', () => {
  beforeEach(async () => {
    vi.clearAllMocks()
    if (!process.env.CRON_SECRET) process.env.CRON_SECRET = 'test-secret'
+    if (!process.env.NEXTAUTH_SECRET) process.env.NEXTAUTH_SECRET = 'test-secret-nextauth'
  })

  it('rejects without CRON_SECRET', async () => {
@@ -119,6 +122,33 @@ describe('GET /api/cron/lunch-reminders', () => {
    expect(row?.reminderSentAt).not.toBeNull()
  })

+  it('sends dish invites to unpicked external attendees inside the window', async () => {
+    const program = await createTestProgram({ name: `cron-rmd-ext-${uid()}` })
+    programIds.push(program.id)
+    const eventAt = new Date(Date.now() + 25 * 3_600_000)
+    const event = await prisma.lunchEvent.create({
+      data: {
+        programId: program.id,
+        enabled: true,
+        eventAt,
+        venue: 'La Terrasse',
+        changeCutoffHours: 24,
+        reminderHoursBeforeDeadline: 4,
+      },
+    })
+    // emailed + no dish → invited; no-email → skipped
+    await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'Emailed Guest', email: `ext-${uid()}@x.test` },
+    })
+    await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'No Email Guest' },
+    })
+    const res = await callCron('lunch-reminders')
+    expect(res.status).toBe(200)
+    const { sendExternalDishInviteEmail } = await import('@/lib/email')
+    expect(sendExternalDishInviteEmail).toHaveBeenCalledTimes(1)
+  })
+
  it('is idempotent — re-running with reminderSentAt set does not resend', async () => {
    const program = await createTestProgram({ name: `cron-rmd-idem-${uid()}` })
    programIds.push(program.id)
--- a/tests/unit/lunch-external-pick.test.ts
+++ b/tests/unit/lunch-external-pick.test.ts
@@ -0,0 +1,200 @@
+import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from 'vitest'
+import { prisma, createCaller } from '../setup'
+import { createTestUser, createTestProgram, cleanupTestData, uid } from '../helpers'
+
+vi.mock('@/lib/email', async () => {
+  const actual = await vi.importActual<typeof import('@/lib/email')>('@/lib/email')
+  return {
+    ...actual,
+    sendExternalDishInviteEmail: vi.fn(async () => undefined),
+  }
+})
+
+import { lunchRouter } from '@/server/routers/lunch'
+import { signExternalLunchToken } from '@/lib/external-lunch-token'
+
+const programIds: string[] = []
+const userIds: string[] = []
+
+beforeAll(() => {
+  process.env.NEXTAUTH_SECRET = 'test-secret-for-external-lunch-tokens'
+})
+
+beforeEach(() => {
+  vi.clearAllMocks()
+})
+
+afterAll(async () => {
+  for (const programId of programIds) {
+    await prisma.externalAttendee.deleteMany({ where: { lunchEvent: { programId } } })
+    await prisma.dish.deleteMany({ where: { lunchEvent: { programId } } })
+    await prisma.lunchEvent.deleteMany({ where: { programId } })
+    await cleanupTestData(programId, [])
+  }
+  if (userIds.length > 0) {
+    await prisma.auditLog.deleteMany({ where: { userId: { in: userIds } } })
+    await prisma.user.deleteMany({ where: { id: { in: userIds } } })
+  }
+})
+
+async function newAdminCaller() {
+  const admin = await createTestUser('SUPER_ADMIN')
+  userIds.push(admin.id)
+  return createCaller(lunchRouter, { id: admin.id, email: admin.email, role: 'SUPER_ADMIN' })
+}
+
+function publicCaller() {
+  return lunchRouter.createCaller({
+    session: null,
+    prisma,
+    ip: '127.0.0.1',
+    userAgent: 'vitest',
+  })
+}
+
+async function setupEvent(opts: { eventAt?: Date | null; changeCutoffHours?: number } = {}) {
+  const program = await createTestProgram({ name: `xpick-${uid()}` })
+  programIds.push(program.id)
+  const event = await prisma.lunchEvent.create({
+    data: {
+      programId: program.id,
+      enabled: true,
+      eventAt: opts.eventAt ?? new Date(Date.now() + 30 * 86_400_000),
+      venue: 'La Terrasse',
+      changeCutoffHours: opts.changeCutoffHours ?? 48,
+    },
+  })
+  const dish = await prisma.dish.create({
+    data: { lunchEventId: event.id, name: `Risotto-${uid()}`, dietaryTags: ['VEGETARIAN'] },
+  })
+  return { program, event, dish }
+}
+
+describe('lunch.createExternal auto-invite', () => {
+  it('sends a dish invite and stamps inviteSentAt when an email is present', async () => {
+    const { event } = await setupEvent()
+    const caller = await newAdminCaller()
+    const ext = await caller.createExternal({
+      lunchEventId: event.id,
+      name: 'Marine',
+      email: `marine-${uid()}@example.org`,
+    })
+    const { sendExternalDishInviteEmail } = await import('@/lib/email')
+    expect(sendExternalDishInviteEmail).toHaveBeenCalledTimes(1)
+    const row = await prisma.externalAttendee.findUnique({ where: { id: ext.id } })
+    expect(row?.inviteSentAt).not.toBeNull()
+  })
+
+  it('does not send or stamp when no email is present', async () => {
+    const { event } = await setupEvent()
+    const caller = await newAdminCaller()
+    const ext = await caller.createExternal({ lunchEventId: event.id, name: 'No Email' })
+    const { sendExternalDishInviteEmail } = await import('@/lib/email')
+    expect(sendExternalDishInviteEmail).not.toHaveBeenCalled()
+    const row = await prisma.externalAttendee.findUnique({ where: { id: ext.id } })
+    expect(row?.inviteSentAt).toBeNull()
+  })
+})
+
+describe('lunch.getExternalByToken', () => {
+  it('returns the external, event, and dishes for a valid token', async () => {
+    const { event, dish } = await setupEvent()
+    const ext = await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'Guest', email: `g-${uid()}@x.test` },
+    })
+    const token = signExternalLunchToken({
+      externalId: ext.id,
+      exp: Math.floor(Date.now() / 1000) + 86_400,
+    })
+    const res = await publicCaller().getExternalByToken({ token })
+    expect(res.external.id).toBe(ext.id)
+    expect(res.external.name).toBe('Guest')
+    expect(res.event.venue).toBe('La Terrasse')
+    expect(res.dishes.map((d) => d.id)).toContain(dish.id)
+    expect(res.changeDeadline).toBeInstanceOf(Date)
+  })
+
+  it('rejects a tampered token', async () => {
+    const { event } = await setupEvent()
+    const ext = await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'Guest', email: `g-${uid()}@x.test` },
+    })
+    const token = signExternalLunchToken({
+      externalId: ext.id,
+      exp: Math.floor(Date.now() / 1000) + 86_400,
+    })
+    await expect(
+      publicCaller().getExternalByToken({ token: token.slice(0, -2) + 'xx' }),
+    ).rejects.toThrow(/signature/i)
+  })
+})
+
+describe('lunch.setExternalPick', () => {
+  it('sets the dish before the deadline', async () => {
+    const { event, dish } = await setupEvent()
+    const ext = await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'Guest', email: `g-${uid()}@x.test` },
+    })
+    const token = signExternalLunchToken({
+      externalId: ext.id,
+      exp: Math.floor(Date.now() / 1000) + 86_400,
+    })
+    await publicCaller().setExternalPick({
+      token,
+      dishId: dish.id,
+      allergens: ['GLUTEN'],
+      allergenOther: 'wine',
+    })
+    const row = await prisma.externalAttendee.findUnique({ where: { id: ext.id } })
+    expect(row?.dishId).toBe(dish.id)
+    expect(row?.allergens).toEqual(['GLUTEN'])
+    expect(row?.allergenOther).toBe('wine')
+  })
+
+  it('rejects a pick after the change deadline', async () => {
+    // eventAt 1h out, 24h cutoff → deadline is in the past
+    const { event, dish } = await setupEvent({
+      eventAt: new Date(Date.now() + 3_600_000),
+      changeCutoffHours: 24,
+    })
+    const ext = await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'Guest', email: `g-${uid()}@x.test` },
+    })
+    const token = signExternalLunchToken({
+      externalId: ext.id,
+      exp: Math.floor(Date.now() / 1000) + 86_400,
+    })
+    await expect(
+      publicCaller().setExternalPick({
+        token,
+        dishId: dish.id,
+        allergens: [],
+        allergenOther: null,
+      }),
+    ).rejects.toThrow(/deadline/i)
+  })
+})
+
+describe('lunch.sendExternalInvite', () => {
+  it('sends and stamps inviteSentAt for an emailed external', async () => {
+    const { event } = await setupEvent()
+    const caller = await newAdminCaller()
+    const ext = await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'Guest', email: `g-${uid()}@x.test` },
+    })
+    await caller.sendExternalInvite({ externalId: ext.id })
+    const { sendExternalDishInviteEmail } = await import('@/lib/email')
+    expect(sendExternalDishInviteEmail).toHaveBeenCalledTimes(1)
+    const row = await prisma.externalAttendee.findUnique({ where: { id: ext.id } })
+    expect(row?.inviteSentAt).not.toBeNull()
+  })
+
+  it('rejects when the external has no email', async () => {
+    const { event } = await setupEvent()
+    const caller = await newAdminCaller()
+    const ext = await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'No Email' },
+    })
+    await expect(caller.sendExternalInvite({ externalId: ext.id })).rejects.toThrow(/email/i)
+  })
+})
--- a/tests/unit/lunch-external-reminder-filter.test.ts
+++ b/tests/unit/lunch-external-reminder-filter.test.ts
@@ -0,0 +1,63 @@
+/**
+ * selectUnpickedExternals returns external attendees that:
+ *  - belong to the given LunchEvent
+ *  - have an email on file
+ *  - have NOT picked a dish (dishId is null)
+ *
+ * Externals without an email (can't be reminded) and externals who already have
+ * a dish must be excluded.
+ */
+import { afterAll, describe, expect, it } from 'vitest'
+import { prisma } from '../setup'
+import { createTestProgram, cleanupTestData, uid } from '../helpers'
+import { selectUnpickedExternals } from '@/server/services/lunch-reminders'
+
+const programIds: string[] = []
+
+afterAll(async () => {
+  for (const programId of programIds) {
+    await prisma.externalAttendee.deleteMany({ where: { lunchEvent: { programId } } })
+    await prisma.dish.deleteMany({ where: { lunchEvent: { programId } } })
+    await prisma.lunchEvent.deleteMany({ where: { programId } })
+    await cleanupTestData(programId, [])
+  }
+})
+
+describe('selectUnpickedExternals', () => {
+  it('returns only emailed externals with no dish', async () => {
+    const program = await createTestProgram({ name: `xfilter-${uid()}` })
+    programIds.push(program.id)
+
+    const event = await prisma.lunchEvent.create({
+      data: { programId: program.id, enabled: true },
+    })
+    const dish = await prisma.dish.create({
+      data: { lunchEventId: event.id, name: `dish-${uid()}` },
+    })
+
+    // emailed + no dish → INCLUDED
+    const x1 = await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'Has email, no dish', email: `a-${uid()}@x.test` },
+    })
+    // emailed + has dish → excluded
+    await prisma.externalAttendee.create({
+      data: {
+        lunchEventId: event.id,
+        name: 'Has email, has dish',
+        email: `b-${uid()}@x.test`,
+        dishId: dish.id,
+      },
+    })
+    // no email + no dish → excluded (can't email them)
+    await prisma.externalAttendee.create({
+      data: { lunchEventId: event.id, name: 'No email', email: null },
+    })
+
+    const result = await selectUnpickedExternals(prisma, { id: event.id })
+
+    const ids = result.map((x) => x.id)
+    expect(ids).toContain(x1.id)
+    expect(result).toHaveLength(1)
+    expect(result[0].email).toBeTruthy()
+  })
+})